Lucene search
DebianDEBIAN:DLA-67-1:7F98BHistorySep 30, 2014 - 7:41 a.m.
[SECURITY] [DLA 67-1] php5 security update
2014-09-3007:41:52
lists.debian.org
17
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.028 Low
EPSS
Percentile
90.5%
Package : php5
Version : 5.3.3-7+squeeze22
CVE ID : CVE-2014-3538 CVE-2014-3587 CVE-2014-3597
CVE-2014-3538
It was discovered that the original fix for CVE-2013-7345 did not
sufficiently address the problem. A remote attacker could still
cause a denial of service (CPU consumption) via a specially-crafted
input file that triggers backtracking during processing of an awk
regular expression rule.
CVE-2014-3587
It was discovered that the CDF parser of the fileinfo module does
not properly process malformed files in the Composite Document File
(CDF) format, leading to crashes.
CVE-2014-3597
It was discovered that the original fix for CVE-2014-4049 did not
completely address the issue. A malicious server or
man-in-the-middle attacker could cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DNS TXT record.
CVE-2014-4670
It was discovered that PHP incorrectly handled certain SPL
Iterators. A local attacker could use this flaw to cause PHP to
crash, resulting in a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | s390 | libapache2-mod-php5filter | < 5.4.4-14+deb7u13 | libapache2-mod-php5filter_5.4.4-14+deb7u13_s390.deb |
| Debian | 7 | armel | php5-pspell | < 5.4.4-14+deb7u13 | php5-pspell_5.4.4-14+deb7u13_armel.deb |
| Debian | 7 | powerpc | php5-xmlrpc | < 5.4.4-14+deb7u13 | php5-xmlrpc_5.4.4-14+deb7u13_powerpc.deb |
| Debian | 7 | i386 | php5-mysql | < 5.4.4-14+deb7u13 | php5-mysql_5.4.4-14+deb7u13_i386.deb |
| Debian | 7 | kfreebsd-i386 | php5-xmlrpc | < 5.4.4-14+deb7u13 | php5-xmlrpc_5.4.4-14+deb7u13_kfreebsd-i386.deb |
| Debian | 7 | s390x | php5-cli | < 5.4.4-14+deb7u13 | php5-cli_5.4.4-14+deb7u13_s390x.deb |
| Debian | 7 | sparc | php5-cgi | < 5.4.4-14+deb7u13 | php5-cgi_5.4.4-14+deb7u13_sparc.deb |
| Debian | 7 | sparc | php5-dbg | < 5.4.4-14+deb7u13 | php5-dbg_5.4.4-14+deb7u13_sparc.deb |
| Debian | 6 | amd64 | php5-sybase | < 5.3.3-7+squeeze22 | php5-sybase_5.3.3-7+squeeze22_amd64.deb |
| Debian | 7 | armhf | php5-common | < 5.4.4-14+deb7u13 | php5-common_5.4.4-14+deb7u13_armhf.deb |
Related
nessus
nessus
Debian DLA-67-1 : php5 security update
2015-03-26 00:00:00
Debian DSA-3008-1 : php5 - security update
2014-08-22 00:00:00
PHP 5.4.x < 5.4.32 / 5.5.x < 5.5.16 Multiple Vulnerabilities
2014-08-28 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-67-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3008-1 (php5 - security update)
2014-08-21 00:00:00
Debian: Security Advisory (DSA-3008-1)
2014-08-20 00:00:00
osv
osv
php5 - security update
2014-09-30 00:00:00
php5 - security update
2014-08-21 00:00:00
file - security update
2014-09-10 00:00:00
debian
debian
[SECURITY] [DSA 3008-1] php5 security update
2014-08-21 06:22:21
[SECURITY] [DSA 3008-1] php5 security update
2014-08-21 06:22:21
[SECURITY] [DSA 3008-2] php5 regression update
2014-08-21 12:39:59
oraclelinux
oraclelinux
php security update
2014-09-30 00:00:00
php53 and php security update
2014-09-30 00:00:00
file security, bug fix, and enhancement update
2016-05-12 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2014-08-08 15:23:49
Updated file packages fix security vulnerability
2014-08-06 00:08:48
Updated php packages fix multiple security vulnerabilities
2014-09-05 13:07:37
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:28
Arbitrary Code Execution
2019-05-02 05:04:21
Arbitrary Code Execution
2019-05-02 05:04:19
prion
prion
Design/Logic Flaw
2014-07-03 14:55:00
Buffer overflow
2014-08-23 01:55:00
Design/Logic Flaw
2014-03-24 16:31:00
ubuntucve
ubuntucve
debiancve
debiancve
cve
cve
slackware
slackware
[slackware-security] php
2014-09-04 22:00:56
[slackware-security] php
2014-04-21 21:13:00
securityvulns
securityvulns
[USN-2344-1] PHP vulnerabilities
2014-09-15 00:00:00
PHP security vulnerabilities
2014-09-15 00:00:00
[slackware-security] php (SSA:2014-111-02)
2014-05-04 00:00:00
kitploit
kitploit
Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities
2019-05-21 21:17:00
ubuntu
ubuntu
PHP vulnerabilities
2014-09-10 00:00:00
file vulnerability
2014-10-03 00:00:00
file vulnerabilities
2014-07-15 00:00:00
redhat
redhat
(RHSA-2014:1327) Moderate: php security update
2014-09-30 00:00:00
(RHSA-2014:1326) Moderate: php53 and php security update
2014-09-30 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
centos
centos
php security update
2014-09-30 10:59:18
php, php53 security update
2014-09-30 10:27:47
file, python security update
2016-05-16 10:13:44
f5
f5
SOL15761 - Multiple PHP 5.x vulnerabilities
2014-10-30 00:00:00
K15761 : Multiple PHP 5.x vulnerabilities
2015-09-17 00:00:00
K15303 : PHP vulnerability CVE-2013-7345
2014-06-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: file-5.19-7.fc20
2014-10-29 11:03:54
[SECURITY] Fedora 20 Update: file-5.19-4.fc20
2014-08-24 02:55:59
[SECURITY] Fedora 20 Update: php-5.5.16-1.fc20
2014-09-02 06:40:37
amazon
amazon
gentoo
gentoo
file: Denial of service
2014-08-26 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP Fileinfo cdf_read_property_info Denial of Service (CVE-2014-3587)
2014-10-26 00:00:00
PHP php_parserr DNS_TXT Heap Buffer Overflow (CVE-2014-4049)
2014-07-16 00:00:00
ibm
ibm
kaspersky
kaspersky
KLA10290 DoS vulnerability in PHP
2014-07-10 00:00:00
suse
suse
Security update for PHP5 (important)
2014-07-04 00:04:20
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.028 Low
EPSS
Percentile
90.5%
Related for DEBIAN:DLA-67-1:7F98B